Bug 610600 (CVE-2017-6074) - kernel: use after free in DCCP protocol (CVE-2017-6074)
Summary: kernel: use after free in DCCP protocol (CVE-2017-6074)
Status: IN_PROGRESS
Alias: CVE-2017-6074
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal critical
Assignee: Gentoo Kernel Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: A1 [upstream/cve]
Keywords:
Depends on: 611824
Blocks:
Reported: 2017-02-22 20:08 UTC by Thomas Deutschmann
Modified: 2017-04-28 21:37 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments

Description Thomas Deutschmann gentoo-dev Security 2017-02-22 20:08:43 UTC
A flaw was found in the Linux kernel's implementation of the DCCP protocol in which a local user could influence timing such that a skbuff could be used after it had been freed by the kernel. An attacker able to craft structures allocated in this freed memory will be able to create memory corruption, escalate privileges or crash the system. An attacker must have local account access on the system; this is not a remote attack. An attack requires IPv6 support to be enabled on the system.

Upstream patch:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
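The following is an added model of the bug class behind this CVE; it is not kernel code and not part of the bug report. It follows the mechanism described in the linked upstream commit 5edabca9 ("dccp: fix freeing skb too early for IPV6_RECVPKTOPTIONS"): when IPV6_RECVPKTOPTIONS is set, dccp_v6_conn_request() keeps a reference to the request skb in ireq->pktopts, but dccp_rcv_state_process() then released the skb with __kfree_skb(), which ignores skb->users, instead of consume_skb(), which only drops one reference. Names below (struct buf, struct request, request_dangles, etc.) are this example's own; a "freed" flag stands in for the allocator so the dangling reference is reported rather than dereferenced.

```c
/*
 * Model of CVE-2017-6074: a refcounted buffer (stand-in for struct sk_buff)
 * whose caller frees it unconditionally while a second holder still owns a
 * reference. Not kernel code; names and structures are this example's own.
 */
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

struct buf {
    int  users;        /* reference count, like skb->users        */
    bool freed;        /* bookkeeping for this model only         */
    char data[32];
};

struct request {       /* stands in for the inet request sock     */
    struct buf *pktopts;
};

static struct buf *buf_alloc(const char *payload)
{
    struct buf *b = calloc(1, sizeof *b);
    if (!b)
        abort();
    b->users = 1;
    strncpy(b->data, payload, sizeof b->data - 1);
    return b;
}

static void buf_get(struct buf *b) { b->users++; }   /* skb_get() */

/* Refcount-aware release (consume_skb/kfree_skb): free on last reference. */
static void buf_put(struct buf *b)
{
    if (--b->users == 0)
        b->freed = true;
}

/* Unconditional release (__kfree_skb): frees even when users > 1. */
static void buf_force_free(struct buf *b) { b->freed = true; }

/* Like dccp_v6_conn_request(): with IPV6_RECVPKTOPTIONS set, the request
 * skb is saved in pktopts and a reference is taken on it. */
static int conn_request(struct request *req, struct buf *skb, bool recvpktopts)
{
    if (recvpktopts) {
        buf_get(skb);
        req->pktopts = skb;
    }
    return 0;
}

/* Pre-fix REQUEST path: "goto discard", i.e. __kfree_skb(skb). */
static int rcv_request_vulnerable(struct request *req, struct buf *skb, bool recvpktopts)
{
    if (conn_request(req, skb, recvpktopts) < 0)
        return 1;
    buf_force_free(skb);
    return 0;
}

/* Post-fix REQUEST path (commit 5edabca9): consume_skb(skb); return 0; */
static int rcv_request_fixed(struct request *req, struct buf *skb, bool recvpktopts)
{
    if (conn_request(req, skb, recvpktopts) < 0)
        return 1;
    buf_put(skb);
    return 0;
}

/* Later consumer of the saved options (the "use"). Returns true if the
 * buffer it was handed has already been released. */
static bool deliver_pktopts(struct request *req)
{
    bool use_after_free;
    if (!req->pktopts)
        return false;
    use_after_free = req->pktopts->freed;
    buf_put(req->pktopts);
    req->pktopts = NULL;
    return use_after_free;
}

/* Run one REQUEST through the chosen path; report whether the saved
 * reference dangled. The memory itself is released only here. */
bool request_dangles(bool fixed, bool recvpktopts)
{
    struct request req = { .pktopts = NULL };
    struct buf *skb = buf_alloc("DCCP-Request");
    bool dangled;

    if (fixed)
        rcv_request_fixed(&req, skb, recvpktopts);
    else
        rcv_request_vulnerable(&req, skb, recvpktopts);

    dangled = deliver_pktopts(&req);
    free(skb);
    return dangled;
}
```

Only the combination of the pre-fix path and a socket that requested packet options dangles; without IPV6_RECVPKTOPTIONS no second reference exists and the unconditional free is harmless, which is why the report ties the attack to IPv6 support.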
Comment 1 Thomas Deutschmann gentoo-dev Security 2017-02-24 12:02:40 UTC
There's no upstream release containing the fix yet.

Fix present in

>=sys-kernel/gentoo-sources-4.9.12
>=sys-kernel/gentoo-sources-4.4.51
Comment 2 Alice Ferrazzi Gentoo Infrastructure gentoo-dev 2017-02-25 03:59:01 UTC
also in 
>=sys-kernel/gentoo-sources-4.1.44
Comment 3 Justin Lecher gentoo-dev 2017-02-25 10:53:15 UTC
commit 84dd15749e0931a21fcced926b60f054a5ae155a
Author: Justin Lecher <jlec@gentoo.org>
Date:   Sat Feb 25 10:45:17 2017 +0000

    sys-kernel/aufs-sources: Bump to latest aufs, genpatches and linux release fixes CVE-2017-6074

    drop old

    Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=610600

    Package-Manager: Portage-2.3.3, Repoman-2.3.1
    Signed-off-by: Justin Lecher <jlec@gentoo.org>

    https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84dd15749e0931a21fcced926b60f054a5ae155a
Comment 5 ᎫᏤᏣ (kuzetsa) 2017-02-26 15:32:33 UTC
Currently, the only other upstream branch with a fix looks like 4.4.y

$ git tag --contains a95df078e86624ee330e82aad34cfd3b5fcf21ce
v4.4.52

Fixes for other longterm branches (upstream) don't appear to be in-tree yet.

Upstream 4.10.y branch (any/all post-RC versions) contains the original version which is backported by genpatches-4.9-14

$ git tag --contains 5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
v4.10
v4.10.1

sys-kernel/ck-sources: CVE-2017-6074 (fixed by genpatches 4.9-14 / linux 4.10)
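An added helper, not from this bug, that classifies a kernel version string against the fixed versions the comments above list: gentoo-sources 4.1.44, 4.4.51 and 4.9.12 (comments 1 and 2), upstream stable v4.4.52 and mainline v4.10 (comment 5). The function name, the "gentoo"/"vanilla" flavor argument and the "unlisted" result for branches the bug does not cover are this example's own assumptions; branches named "unlisted" need checking against upstream, not a pass.

```shell
# Added example: classify a kernel version against the fix versions listed
# in bug 610600. Usage: cve_2017_6074_status VERSION [gentoo|vanilla]
# Prints one of: fixed, vulnerable, unlisted, unknown. Always returns 0.
cve_2017_6074_status() {
    v=${1%%-*}                       # strip "-gentoo", "-ck", "-r1"... (uname -r style)
    flavor=${2:-gentoo}              # assumed argument: gentoo-sources vs upstream
    maj=${v%%.*}
    rest=${v#*.}
    min=${rest%%.*}
    pat=${rest#*.}
    [ "$pat" = "$rest" ] && pat=0    # "4.10" carries no patch level

    case "$maj$min$pat" in
        *[!0-9]*|'') echo unknown; return 0 ;;
    esac

    # Commit 5edabca9 is in every v4.10+ tag (comment 5).
    if [ "$maj" -gt 4 ] || { [ "$maj" -eq 4 ] && [ "$min" -ge 10 ]; }; then
        echo fixed
        return 0
    fi

    case "$flavor:$maj.$min" in
        gentoo:4.1)  need=44 ;;      # >=gentoo-sources-4.1.44 (comment 2)
        gentoo:4.4)  need=51 ;;      # >=gentoo-sources-4.4.51 (comment 1)
        gentoo:4.9)  need=12 ;;      # >=gentoo-sources-4.9.12 (comment 1)
        vanilla:4.4) need=52 ;;      # upstream v4.4.52 (comment 5)
        *) echo unlisted; return 0 ;;  # branch not covered by this bug's comments
    esac

    if [ "$pat" -ge "$need" ]; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Example: cve_2017_6074_status "$(uname -r)"
```

Note that the gentoo-sources and upstream numbers differ on the 4.4 branch: gentoo-sources-4.4.51 ships the genpatches backport, whereas the upstream stable tag containing the fix is v4.4.52, so a vanilla 4.4.51 is still affected.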